Overall Security Grade
The security headers for test-project.org have been analyzed, resulting in a grade of A. There are significant areas for improvement.
HTTPS Available
Site is accessible via HTTPS.
Redirects to HTTPS
HTTP traffic is automatically redirected to HTTPS.
Detected HTTP Headers
Strict-Transport-Security: example-insecure-value; some-flag
Ensures browsers only connect via HTTPS.
Recommendation:
Review the configuration of Strict-Transport-Security for optimal security. Expected: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: header not detected.
Controls resources the browser is allowed to load.
Recommendation:
The Content-Security-Policy header is missing. Implementing it is recommended for enhanced security.
X-Frame-Options: SAMEORIGIN
Protects against clickjacking attacks.
X-Content-Type-Options: example-insecure-value; some-flag
Prevents MIME-sniffing.
Recommendation:
Review the configuration of X-Content-Type-Options for optimal security. Expected: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Controls how much referrer information is sent.
Permissions-Policy: header not detected.
Controls access to browser features.
Recommendation:
The Permissions-Policy header is missing. Implementing it is recommended for enhanced security.
Server: MockServer/4.5
Information about the web server software.
Date: Sat, 06 Dec 2025 16:01:33 GMT
The date and time the message was originated.
Content-Type: text/html; charset=utf-8
The media type of the resource.
General Recommendations
Enable HTTPS
Ensure your website is served over HTTPS to encrypt data in transit.
Keep Software Updated
Regularly update your server software, CMS, and plugins to patch vulnerabilities.